From 04756411ea947371f185e6248e8dc90afd19763c Mon Sep 17 00:00:00 2001
From: opeco17
Date: Mon, 4 Mar 2024 01:38:26 +0000
Subject: [PATCH] Fix test
---
poetry_audit_plugin/safety.py | 1 +
tests/test_main.py | 174 +++++++++++++++++++++++++++-------
2 files changed, 141 insertions(+), 34 deletions(-)
diff --git a/poetry_audit_plugin/safety.py b/poetry_audit_plugin/safety.py
index f6aab88..697278a 100644
--- a/poetry_audit_plugin/safety.py
+++ b/poetry_audit_plugin/safety.py
@@ -48,6 +48,7 @@ def build_safety_db_session( if proxy_host and proxy_port and proxy_protocol: proxy_config = {"https": f"{proxy_protocol}://{proxy_host}:{str(proxy_port)}"} try: + # Note: proxy_config is ignored when it's invalid or inaccessible inside build_client_session session, _ = build_client_session(api_key=key, proxies=proxy_config) except Exception as e: raise SafetyDBSessionBuildError(str(e))
diff --git a/tests/test_main.py b/tests/test_main.py
index b0d36bd..74c5b06 100644
--- a/tests/test_main.py
+++ b/tests/test_main.py
@@ -4,6 +4,7 @@ from pathlib import Path from subprocess import CompletedProcess from typing import List +from poetry_audit_plugin.constants import * # At least there're following vulnerabilities in these packages. DEV_VULNERABILITY_PACKAGE = "ansible-runner"
@@ -21,13 +22,13 @@ def copy_assets(source_name: str, testing_dir: Path) -> None: shutil.copytree(package_path, testing_dir) -def run_audit(testing_dir: Path, args: List[str] = []) -> CompletedProcess: +def run_audit(testing_dir: Path, *args: str) -> CompletedProcess: result = subprocess.run( [ "poetry", "audit", ] - + args, + + list(args), cwd=testing_dir, stdout=subprocess.PIPE, stderr=subprocess.PIPE, 
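Review bot: The added comment documents a silent fallback instead of surfacing it: if `build_client_session` really ignores an invalid or unreachable proxy, as the comment states, a user who passed `--proxy-*` to force egress through a proxy ends up with a direct connection to the Safety database and nothing in this block tells them so. At minimum the comment should spell out the consequence, e.g. `# NOTE: build_client_session falls back to a direct connection when proxy_config is invalid or unreachable; the proxy is not enforced here`, and the function should emit a warning when a proxy was requested so the fallback is visible to the caller. The neighbouring `except Exception as e: raise SafetyDBSessionBuildError(str(e))` would also keep the original traceback if written as `raise SafetyDBSessionBuildError(str(e)) from e`. `build_safety_db_session` starts outside the hunk, so whether `proxy_config` is initialised when the `if` on the first context line is false cannot be checked here.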
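Review bot: `from poetry_audit_plugin.constants import *` pulls every public name of that module into the test namespace, which hides where `EXIT_CODE_OK`, `EXIT_CODE_VULNERABILITY_FOUND` and `EXIT_CODE_OPTION_INVALID` come from and lets a future addition to `constants` silently shadow a name defined in this file (the module-level `DEV_VULNERABILITY_PACKAGE`-style constants below are the kind of name at risk). Import the three constants explicitly: `from poetry_audit_plugin.constants import EXIT_CODE_OK, EXIT_CODE_OPTION_INVALID, EXIT_CODE_VULNERABILITY_FOUND`. Whether a blank line separates this local import from the stdlib group above it is not recoverable from the collapsed hunk; PEP 8 wants one.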
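Review bot: The new `run_audit` signature removes the mutable default, but `["poetry", "audit"] + list(args)` still builds a throwaway list; `["poetry", "audit", *args]` expresses the same thing without it, and the helper has no docstring. Suggest adding `"""Run poetry audit in testing_dir with the given extra CLI args and return the completed process."""` under the `def` line. The `subprocess.run` call continues outside the hunk, so whether it requests text output (the tests compare `result.stdout` against `str` values) cannot be confirmed from here.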
@@ -39,17 +40,17 @@ def run_audit(testing_dir: Path, args: List[str] = []) -> CompletedProcess: def test_no_vulnerabilities_basic_report(tmp_path: Path) -> None: testing_dir = tmp_path / "testing_package" copy_assets("no_vulnerabilities", testing_dir) - result = run_audit(testing_dir=testing_dir) + result = run_audit(testing_dir) assert "poetry audit report" in result.stdout assert "No vulnerabilities found" in result.stdout - assert result.returncode == 0 + assert result.returncode == EXIT_CODE_OK def test_vulnerabilities_in_main_basic_report(tmp_path: Path) -> None: testing_dir = tmp_path / "testing_package" copy_assets("vulnerabilities_in_main", testing_dir) - result = run_audit(testing_dir=testing_dir) + result = run_audit(testing_dir) assert "poetry audit report" in result.stdout assert MAIN_VULNERABILITY_PACKAGE in result.stdout
@@ -57,13 +58,13 @@ def test_vulnerabilities_in_main_basic_report(tmp_path: Path) -> None: assert MAIN_VULNERABILITY_CODE2 in result.stdout assert "vulnerabilities found" in result.stdout assert "No vulnerabilities found" not in result.stdout - assert result.returncode == 1 + assert result.returncode == EXIT_CODE_VULNERABILITY_FOUND def test_vulnerabilities_in_dev_basic_report(tmp_path: Path) -> None: testing_dir = tmp_path / "testing_package" copy_assets("vulnerabilities_in_dev", testing_dir) - result = run_audit(testing_dir=testing_dir) + result = run_audit(testing_dir) assert "poetry audit report" in result.stdout assert DEV_VULNERABILITY_PACKAGE in result.stdout 
@@ -71,13 +72,13 @@ def test_vulnerabilities_in_dev_basic_report(tmp_path: Path) -> None: assert DEV_VULNERABILITY_CODE2 in result.stdout assert "vulnerabilities found" in result.stdout assert "No vulnerabilities found" not in result.stdout - assert result.returncode == 1 + assert result.returncode == EXIT_CODE_VULNERABILITY_FOUND def test_vulnerabilities_in_main_dev_basic_report(tmp_path: Path) -> None: testing_dir = tmp_path / "testing_package" copy_assets("vulnerabilities_in_main_dev", testing_dir) - result = run_audit(testing_dir=testing_dir) + result = run_audit(testing_dir) assert "poetry audit report" in result.stdout assert DEV_VULNERABILITY_PACKAGE in result.stdout 
@@ -88,56 +89,60 @@ def test_vulnerabilities_in_main_dev_basic_report(tmp_path: Path) -> None: assert MAIN_VULNERABILITY_CODE2 in result.stdout assert "vulnerabilities found" in result.stdout assert "No vulnerabilities found" not in result.stdout - assert result.returncode == 1 + assert result.returncode == EXIT_CODE_VULNERABILITY_FOUND def test_no_vulnerabilities_json_report(tmp_path: Path) -> None: testing_dir = tmp_path / "testing_package" copy_assets("no_vulnerabilities", testing_dir) - result = run_audit(testing_dir=testing_dir, args=["--json"]) + result = run_audit(testing_dir, "--json") result_dict = json.loads(result.stdout) vulnerabilitie_names = [vulnerability["name"] for vulnerability in result_dict["vulnerabilities"]] + assert "poetry audit report" not in result.stdout assert "metadata" in result_dict.keys() assert len(vulnerabilitie_names) == 0 - assert result.returncode == 0 + assert result.returncode == EXIT_CODE_OK def test_vulnerabilities_in_main_json_report(tmp_path: Path) -> None: testing_dir = tmp_path / "testing_package" copy_assets("vulnerabilities_in_main", testing_dir) - result = run_audit(testing_dir=testing_dir, args=["--json"]) + result = run_audit(testing_dir, "--json") result_dict = json.loads(result.stdout) vulnerabilitie_names = [vulnerability["name"] for vulnerability in result_dict["vulnerabilities"]] + assert "poetry audit report" not in result.stdout assert "metadata" in result_dict.keys() assert MAIN_VULNERABILITY_PACKAGE in vulnerabilitie_names assert MAIN_VULNERABILITY_CODE1 in result.stdout assert MAIN_VULNERABILITY_CODE2 in result.stdout - assert result.returncode == 1 + assert result.returncode == EXIT_CODE_VULNERABILITY_FOUND def test_vulnerabilities_in_dev_json_report(tmp_path: Path) -> None: testing_dir = tmp_path / "testing_package" copy_assets("vulnerabilities_in_dev", testing_dir) - result = run_audit(testing_dir=testing_dir, args=["--json"]) + result = run_audit(testing_dir, "--json") result_dict = 
json.loads(result.stdout) vulnerabilitie_names = [vulnerability["name"] for vulnerability in result_dict["vulnerabilities"]] + assert "poetry audit report" not in result.stdout assert "metadata" in result_dict.keys() assert DEV_VULNERABILITY_PACKAGE in vulnerabilitie_names assert DEV_VULNERABILITY_CODE1 in result.stdout assert DEV_VULNERABILITY_CODE2 in result.stdout - assert result.returncode == 1 + assert result.returncode == EXIT_CODE_VULNERABILITY_FOUND def test_vulnerabilities_in_main_dev_json_report(tmp_path: Path) -> None: testing_dir = tmp_path / "testing_package" copy_assets("vulnerabilities_in_main_dev", testing_dir) - result = run_audit(testing_dir=testing_dir, args=["--json"]) + result = run_audit(testing_dir, "--json") result_dict = json.loads(result.stdout) vulnerabilitie_names = [vulnerability["name"] for vulnerability in result_dict["vulnerabilities"]] + assert "poetry audit report" not in result.stdout assert "metadata" in result_dict.keys() assert DEV_VULNERABILITY_PACKAGE in vulnerabilitie_names assert MAIN_VULNERABILITY_PACKAGE in vulnerabilitie_names
@@ -145,13 +150,13 @@ def test_vulnerabilities_in_main_dev_json_report(tmp_path: Path) -> None: assert DEV_VULNERABILITY_CODE2 in result.stdout assert MAIN_VULNERABILITY_CODE1 in result.stdout assert MAIN_VULNERABILITY_CODE2 in result.stdout - assert result.returncode == 1 + assert result.returncode == EXIT_CODE_VULNERABILITY_FOUND def test_vulnerabilities_code_in_main_basic_report_with_ignoring_codes(tmp_path: Path) -> None: testing_dir = tmp_path / "testing_package" copy_assets("vulnerabilities_in_main", testing_dir) - result = run_audit(testing_dir=testing_dir, args=[f"--ignore-code={MAIN_VULNERABILITY_CODE1}"]) + result = run_audit(testing_dir, f"--ignore-code={MAIN_VULNERABILITY_CODE1}") assert "poetry audit report" in result.stdout assert MAIN_VULNERABILITY_PACKAGE in result.stdout 
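Review bot: The new `assert "poetry audit report" not in result.stdout` in the four JSON-report tests of this hunk sits after `result_dict = json.loads(result.stdout)`, so if the human-readable header ever leaked into stdout the test would already have died with a `JSONDecodeError` and the new assertion could never be the one that reports it. Move the assertion directly after the `run_audit` call, before the `json.loads` line, so a regression fails with a message that names the actual problem; the two `ignoring_*_packages` JSON tests in the last hunk have the same ordering and need the same move. `test_vulnerabilities_in_dev_json_report` is split across the line boundary at the start of this hunk, and the `ignoring_codes` test at its end continues past it.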
@@ -159,14 +164,14 @@ def test_vulnerabilities_code_in_main_basic_report_with_ignoring_codes(tmp_path: assert "vulnerabilities found but ignored" in result.stdout assert MAIN_VULNERABILITY_CODE1 not in result.stdout assert MAIN_VULNERABILITY_CODE2 in result.stdout - assert result.returncode == 1 + assert result.returncode == EXIT_CODE_VULNERABILITY_FOUND def test_vulnerabilities_in_main_dev_basic_report_with_ignoring_codes(tmp_path: Path) -> None: testing_dir = tmp_path / "testing_package" copy_assets("vulnerabilities_in_main_dev", testing_dir) result = run_audit( - testing_dir=testing_dir, args=[f"--ignore-code={MAIN_VULNERABILITY_CODE1},{DEV_VULNERABILITY_CODE1}"] + testing_dir, f"--ignore-code={MAIN_VULNERABILITY_CODE1},{DEV_VULNERABILITY_CODE1}" ) assert "poetry audit report" in result.stdout
@@ -178,13 +183,13 @@ def test_vulnerabilities_in_main_dev_basic_report_with_ignoring_codes(tmp_path: assert DEV_VULNERABILITY_CODE2 in result.stdout assert "vulnerabilities found in" in result.stdout assert "vulnerabilities found but ignored" in result.stdout - assert result.returncode == 1 + assert result.returncode == EXIT_CODE_VULNERABILITY_FOUND def test_vulnerabilities_in_dev_basic_report_with_ignoring_codes(tmp_path: Path) -> None: testing_dir = tmp_path / "testing_package" copy_assets("vulnerabilities_in_dev", testing_dir) - result = run_audit(testing_dir=testing_dir, args=[f"--ignore-code={DEV_VULNERABILITY_CODE1}"]) + result = run_audit(testing_dir, f"--ignore-code={DEV_VULNERABILITY_CODE1}") assert "poetry audit report" in result.stdout assert DEV_VULNERABILITY_PACKAGE in result.stdout 
@@ -192,14 +197,14 @@ def test_vulnerabilities_in_dev_basic_report_with_ignoring_codes(tmp_path: Path) assert DEV_VULNERABILITY_CODE2 in result.stdout assert "vulnerabilities found in" in result.stdout assert "vulnerabilities found but ignored" in result.stdout - assert result.returncode == 1 + assert result.returncode == EXIT_CODE_VULNERABILITY_FOUND def test_vulnerabilities_in_main_dev_json_report_with_ignoring_codes(tmp_path: Path) -> None: testing_dir = tmp_path / "testing_package" copy_assets("vulnerabilities_in_main_dev", testing_dir) result = run_audit( - testing_dir=testing_dir, args=["--json", f"--ignore-code={MAIN_VULNERABILITY_CODE1},{DEV_VULNERABILITY_CODE1}"] + testing_dir, "--json", f"--ignore-code={MAIN_VULNERABILITY_CODE1},{DEV_VULNERABILITY_CODE1}" ) result_dict = json.loads(result.stdout) vulnerability_names: List[str] = [] 
@@ -209,62 +214,163 @@ def test_vulnerabilities_in_main_dev_json_report_with_ignoring_codes(tmp_path: P for detail in vuln["vulns"]: vulnerability_codes.append(detail["cve"]) + assert "poetry audit report" not in result.stdout assert MAIN_VULNERABILITY_PACKAGE in vulnerability_names assert DEV_VULNERABILITY_PACKAGE in vulnerability_names assert MAIN_VULNERABILITY_CODE1 not in vulnerability_codes assert MAIN_VULNERABILITY_CODE2 in vulnerability_codes assert DEV_VULNERABILITY_CODE1 not in result.stdout assert DEV_VULNERABILITY_CODE2 in result.stdout - assert result.returncode == 1 + assert result.returncode == EXIT_CODE_VULNERABILITY_FOUND def test_vulnerabilities_in_main_dev_basic_report_with_ignoring_main_packages(tmp_path: Path) -> None: testing_dir = tmp_path / "testing_package" copy_assets("vulnerabilities_in_main_dev", testing_dir) - result = run_audit(testing_dir=testing_dir, args=[f"--ignore-package={MAIN_VULNERABILITY_PACKAGE}"]) + result = run_audit(testing_dir, f"--ignore-package={MAIN_VULNERABILITY_PACKAGE}") assert "poetry audit report" in result.stdout assert "vulnerabilities found but ignored" in result.stdout assert MAIN_VULNERABILITY_PACKAGE not in result.stdout assert DEV_VULNERABILITY_PACKAGE in result.stdout - assert result.returncode == 1 + assert result.returncode == EXIT_CODE_VULNERABILITY_FOUND def test_vulnerabilities_in_main_dev_basic_report_with_ignoring_dev_packages(tmp_path: Path) -> None: testing_dir = tmp_path / "testing_package" copy_assets("vulnerabilities_in_main_dev", testing_dir) - result = run_audit(testing_dir=testing_dir, args=[f"--ignore-package={DEV_VULNERABILITY_PACKAGE}"]) + result = run_audit(testing_dir, f"--ignore-package={DEV_VULNERABILITY_PACKAGE}") assert "poetry audit report" in result.stdout assert "vulnerabilities found but ignored" in result.stdout assert MAIN_VULNERABILITY_PACKAGE in result.stdout assert DEV_VULNERABILITY_PACKAGE not in result.stdout - assert result.returncode == 1 + assert result.returncode == 
EXIT_CODE_VULNERABILITY_FOUND def test_vulnerabilities_in_main_dev_json_report_with_ignoring_main_packages(tmp_path: Path) -> None: testing_dir = tmp_path / "testing_package" copy_assets("vulnerabilities_in_main_dev", testing_dir) - result = run_audit(testing_dir=testing_dir, args=["--json", f"--ignore-package={MAIN_VULNERABILITY_PACKAGE}"]) + result = run_audit(testing_dir, "--json", f"--ignore-package={MAIN_VULNERABILITY_PACKAGE}") result_dict = json.loads(result.stdout) vulnerabilitie_names = [] for vuln in result_dict["vulnerabilities"]: vulnerabilitie_names.append(vuln["name"]) + assert "poetry audit report" not in result.stdout assert MAIN_VULNERABILITY_PACKAGE not in vulnerabilitie_names assert DEV_VULNERABILITY_PACKAGE in vulnerabilitie_names - assert result.returncode == 1 + assert result.returncode == EXIT_CODE_VULNERABILITY_FOUND def test_vulnerabilities_in_main_dev_json_report_with_ignoring_dev_packages(tmp_path: Path) -> None: testing_dir = tmp_path / "testing_package" copy_assets("vulnerabilities_in_main_dev", testing_dir) - result = run_audit(testing_dir=testing_dir, args=["--json", f"--ignore-package={DEV_VULNERABILITY_PACKAGE}"]) + result = run_audit(testing_dir, "--json", f"--ignore-package={DEV_VULNERABILITY_PACKAGE}") result_dict = json.loads(result.stdout) vulnerabilitie_names = [] for vuln in result_dict["vulnerabilities"]: vulnerabilitie_names.append(vuln["name"]) + assert "poetry audit report" not in result.stdout assert MAIN_VULNERABILITY_PACKAGE in vulnerabilitie_names assert DEV_VULNERABILITY_PACKAGE not in vulnerabilitie_names - assert result.returncode == 1 + assert result.returncode == EXIT_CODE_VULNERABILITY_FOUND + + +def test_no_vulnerabilities_basic_report_with_valid_proxy_config(tmp_path: Path) -> None: + testing_dir = tmp_path / "testing_package" + copy_assets("no_vulnerabilities", testing_dir) + result = run_audit(testing_dir, "--proxy-protocol=http", "--proxy-host=localhost", "--proxy-port=3128") + + assert "poetry audit 
report" in result.stdout + assert result.returncode == EXIT_CODE_OK + + +def test_no_vulnerabilities_basic_report_with_invalid_string_proxy_port(tmp_path: Path) -> None: + testing_dir = tmp_path / "testing_package" + copy_assets("no_vulnerabilities", testing_dir) + result = run_audit(testing_dir, "--proxy-host=localhost", "--proxy-port=string") + + assert "poetry audit report" in result.stdout + assert "Command line option(s) are invalid" in result.stderr + assert result.returncode == EXIT_CODE_OPTION_INVALID + + +def test_no_vulnerabilities_basic_report_with_invalid_empty_proxy_port(tmp_path: Path) -> None: + testing_dir = tmp_path / "testing_package" + copy_assets("no_vulnerabilities", testing_dir) + result = run_audit(testing_dir, "--proxy-host=localhost", "--proxy-port=''") + + assert "poetry audit report" in result.stdout + assert "Command line option(s) are invalid" in result.stderr + assert result.returncode == EXIT_CODE_OPTION_INVALID + + +def test_no_vulnerabilities_basic_report_with_invalid_string_proxy_protocol(tmp_path: Path) -> None: + testing_dir = tmp_path / "testing_package" + copy_assets("no_vulnerabilities", testing_dir) + result = run_audit(testing_dir, "--proxy-host=localhost", "--proxy-protocol='tcp'") + + assert "poetry audit report" in result.stdout + assert "Command line option(s) are invalid" in result.stderr + assert result.returncode == EXIT_CODE_OPTION_INVALID + + +def test_no_vulnerabilities_basic_report_with_invalid_empty_proxy_protocol(tmp_path: Path) -> None: + testing_dir = tmp_path / "testing_package" + copy_assets("no_vulnerabilities", testing_dir) + result = run_audit(testing_dir, "--proxy-host=localhost", "--proxy-protocol=''") + + assert "poetry audit report" in result.stdout + assert "Command line option(s) are invalid" in result.stderr + assert result.returncode == EXIT_CODE_OPTION_INVALID + + +def test_no_vulnerabilities_json_report_with_valid_proxy_config(tmp_path: Path) -> None: + testing_dir = tmp_path / "testing_package" 
+ copy_assets("no_vulnerabilities", testing_dir) + result = run_audit(testing_dir, "--json", "--proxy-protocol=http", "--proxy-host=localhost", "--proxy-port=3128") + + assert "poetry audit report" not in result.stdout + assert result.returncode == EXIT_CODE_OK + + +def test_no_vulnerabilities_basic_report_with_invalid_string_proxy_port(tmp_path: Path) -> None: + testing_dir = tmp_path / "testing_package" + copy_assets("no_vulnerabilities", testing_dir) + result = run_audit(testing_dir, "--json", "--proxy-host=localhost", "--proxy-port=string") + + assert "poetry audit report" not in result.stdout + assert "Command line option(s) are invalid" in result.stderr + assert result.returncode == EXIT_CODE_OPTION_INVALID + + +def test_no_vulnerabilities_basic_report_with_invalid_empty_proxy_port(tmp_path: Path) -> None: + testing_dir = tmp_path / "testing_package" + copy_assets("no_vulnerabilities", testing_dir) + result = run_audit(testing_dir, "--json", "--proxy-host=localhost", "--proxy-port=''") + + assert "poetry audit report" not in result.stdout + assert "Command line option(s) are invalid" in result.stderr + assert result.returncode == EXIT_CODE_OPTION_INVALID + + +def test_no_vulnerabilities_basic_report_with_invalid_string_proxy_protocol(tmp_path: Path) -> None: + testing_dir = tmp_path / "testing_package" + copy_assets("no_vulnerabilities", testing_dir) + result = run_audit(testing_dir, "--json", "--proxy-host=localhost", "--proxy-protocol='tcp'") + + assert "poetry audit report" not in result.stdout + assert "Command line option(s) are invalid" in result.stderr + assert result.returncode == EXIT_CODE_OPTION_INVALID + + +def test_no_vulnerabilities_basic_report_with_invalid_empty_proxy_protocol(tmp_path: Path) -> None: + testing_dir = tmp_path / "testing_package" + copy_assets("no_vulnerabilities", testing_dir) + result = run_audit(testing_dir, "--json", "--proxy-host=localhost", "--proxy-protocol=''") + + assert "poetry audit report" not in result.stdout + 
assert "Command line option(s) are invalid" in result.stderr + assert result.returncode == EXIT_CODE_OPTION_INVALID
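Review bot: Four of the new `--json` tests at the end of the hunk reuse the names `test_no_vulnerabilities_basic_report_with_invalid_string_proxy_port`, `..._invalid_empty_proxy_port`, `..._invalid_string_proxy_protocol` and `..._invalid_empty_proxy_protocol` that the basic-report tests earlier in the same hunk already define, so the later definitions shadow the earlier ones and pytest collects only the JSON variants; the four basic-report tests never run. Rename the JSON variants to `test_no_vulnerabilities_json_report_with_...`, matching the existing `test_no_vulnerabilities_json_report_with_valid_proxy_config`. Separately, because `run_audit` passes its arguments as a list with no shell, `"--proxy-port=''"` and `"--proxy-protocol='tcp'"` hand the program the literal characters `''` and `'tcp'`, so the "empty" tests check a two-apostrophe value rather than an empty one and the protocol test never sends `tcp`; use `"--proxy-port="` and `"--proxy-protocol=tcp"` in both the basic and the JSON variants (assuming, as the names imply, that the plugin rejects an empty value). Finally, the two `valid_proxy_config` tests point at `localhost:3128` and expect `EXIT_CODE_OK`, which, unless the CI host runs a proxy there, passes only because of the silent fallback documented in the `safety.py` hunk — they show that an unreachable proxy is bypassed, not that a proxy is used; a local listener that records the incoming connection would turn that into a real assertion.
```python
def test_no_vulnerabilities_json_report_with_invalid_string_proxy_port(tmp_path: Path) -> None:
    # … unchanged body …


def test_no_vulnerabilities_json_report_with_invalid_empty_proxy_port(tmp_path: Path) -> None:
    # … unchanged: testing_dir / copy_assets …
    result = run_audit(testing_dir, "--json", "--proxy-host=localhost", "--proxy-port=")
    # … unchanged: assertions …


def test_no_vulnerabilities_json_report_with_invalid_string_proxy_protocol(tmp_path: Path) -> None:
    # … unchanged: testing_dir / copy_assets …
    result = run_audit(testing_dir, "--json", "--proxy-host=localhost", "--proxy-protocol=tcp")
    # … unchanged: assertions …


def test_no_vulnerabilities_json_report_with_invalid_empty_proxy_protocol(tmp_path: Path) -> None:
    # … unchanged: testing_dir / copy_assets …
    result = run_audit(testing_dir, "--json", "--proxy-host=localhost", "--proxy-protocol=")
    # … unchanged: assertions …
```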